Metasploit Wrap-up 06/06/25

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: #20138 contributed by h4x-x0r Path: admin/networking/thinmanager_traversal_upload AttackerKB reference: CVE-2023-2917 Description: Adds an auxiliary module that targets CVE-2023-27855, a path traversal vulnerability in ThinManager <= v13.0.1 to upload an arbitrary file to the target system as SYSTEM. ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: #20141 contributed by h4x-x0r Path: admin/networking/thinmanager_traversal_upload2 AttackerKB reference: CVE-2023-2917 Description: Adds a module targeting CVE-2023-2917, a path traversal vulnerability in ThinManager <= v13.1.0, to upload an arbitrary file as system. ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: #20139 contributed by h4x-x0r Path: gather/thinmanager_traversal_download AttackerKB reference: CVE-2023-27856 Description: Adds an auxiliary module targeting CVE-2023-27856, a path traversal vulnerability in ThinManager <= v13.0.1, to download an arbitrary file from the target system. udev persistence Author: Julien Voisin Type: Exploit Pull request: #19472 contributed by jvoisin Path: linux/local/udev_persistence Description: This adds a module for udev persistence for Linux targets. The module requires root access because…Read More